Nice introduction to ITAM from Walker.
When preparing for IT Audits it is also important to focus on where your risk is highest not just on what is easiest to inventory and match entitlement too.

A company's greatest risk is actually on the server side because the costs of getting it wrong here can be 10s or 100s of times more expensive than for desktop. It is further compounded by the rules around virtualisation that are inconsistent across vendors.

You need to have an accurate inventory of what is deployed and on what platforms, only then can you match against what you are entitled to run.

My 1-2-3-4 steps would be:
1. What's deployed (inventory)
2. Gather license metrics
3. Match to entitlement
4. Act on the gaps